How severe is CVE-2024-5716?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-5716?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2024-5716 - HIGH Severity | CVSS 8.6

Vulnerability Description

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164.

Related Vulnerabilities

CVE-2020-4567

HIGH

CVSS:8.6(High)

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156.

CWE-3072020

CVE-2009-5140

HIGH

CVSS:8.8(High)

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain acces...

CWE-3072009

CVE-2019-14351

HIGH

CVSS:8.8(High)

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterL...

CWE-3072019

CVE-2019-17525

HIGH

CVSS:8.8(High)

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

CWE-3072019

CVE-2020-13872

HIGH

CVSS:8.8(High)

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

CWE-3072020

CVE-2021-35472

HIGH

CVSS:8.8(High)

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker mi...

CWE-3072021